Vocab

DMZ

• Demilitarized Zone

• A separate subnetwork within an organizational network that acts as a buffer between the internal private network and the external, untrusted network.

• Placed in the DMZ:

  • Public services like web servers, email servers, FTP servers, DNS servers, VoIP servers

• Web server (ports: 80, 443)

• Exchange server (ports: 589, 149)

Firewall

• Best Enterprise Firewall: Palo Alto (300k --> 1 Million)

• The ideal solution is that you must always have 2 firewalls to protect your network. That way traffic that his the web server has to be filtered again through another firewall before it gets to the internal network.

• default state on a firewall is denied.

Next Generation Firewall (NGFW)

• A security device that analyzes network traffic and blocks potentially dangerous traffic.

• more advanced then traditional firewalls